Abstract:The Google Desktop Search is an indexing tool, currently in beta testing, designed to allow users fast, intuitive, searching for local files. The principle interface is provided through a local web server which supports an interface similar to <a class="link-external link-http" href="http://Google.com" rel="external noopener nofollow">this http URL</a>'s normal web page. Indexing of local files occurs when the system is idle, and understands a number of common file types. A optional feature is that Google Desktop can integrate a short summary of a local search results with <a class="link-external link-http" href="http://Google.com" rel="external noopener nofollow">this http URL</a> web searches. This summary includes 30-40 character snippets of local files. We have uncovered a vulnerability that would release private local data to an unauthorized remote entity. Using two different attacks, we expose the small snippets of private local data to a remote third party.

Attacks on Local Searching Tools